<?php

/* Copyright (c) 2007 Alec Henriksen
 * phpns is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public Licence (GPL) as published by the Free
 * Software Foundation; either version 2 of the Licence, or (at your option) any
 * later version.
 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
*/

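$globalvars['pagetype'] = "login";  //set page type
include("inc/header.php"); //include header file

/*
 * Login page controller.
 *
 *   (no "do")    show the login form, optionally with a status message (?m=out | ?m=nologin)
 *   do=p         process the posted credentials
 *   do=logout    destroy the session and return to the login form
 *
 * Request parameters are read defensively (they may be absent or arrays),
 * every value placed into SQL is escaped for the legacy mysql_* API this file
 * uses, and anything echoed back into HTML is encoded.
 *
 * NOTE(review): this assumes inc/header.php opens the database connection and
 * starts the session, since mysql_query() and $_SESSION are used here without
 * any setup - confirm. If magic_quotes_gpc is enabled on a deployment, request
 * data must be un-quoted before escaping - confirm how inc/header.php treats it.
 */

$do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : ''; //get action
$m  = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : '';

// Always defined, so the form template never interpolates an undefined variable.
$message = '';
if ($m == "out") {
	$message = '<div class="warning">You are successfully logged out!</div>';
} elseif ($m == "nologin") {
	$message = '<div class="warning">Your username and password are correct, however, your rank is disallowing logging in at this time. Contact your administrator if you think this is a mistake.</div>';
}

if (!$do) {
	$content = '
		<div id="login">
			<form id="login_form" action="?do=p" method="post">
				'.$message.'
				<h2>User login</h2>
				<label for="username">Username</label> <input type="text" name="username" id="username" onLoad="focus()" /><br />
				<label for="password">Password</label> <input type="password" name="password" id="password" /><br />
				<label for="remember">Remember me</label> <input type="checkbox" name="remember" id="remember">
				<div id="login_submit">
					<input type="submit" id="submit" value="Login" />
				</div>
			</form>
			<script type="text/javascript"> 
				document.getElementById(\'username\').focus(); 
			</script> 
		</div>';
} elseif ($do == "p") {
	$posted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

	// SECURITY(review): passwords are stored as unsalted SHA-1, which is not a
	// password hash. Moving to password_hash()/password_verify() requires a
	// schema and data migration that cannot be done from this file alone, so
	// the existing comparison is kept to stay compatible with stored values.
	$loginvar = array(
		"username" => $posted_username,
		"password" => sha1($posted_password),
		"remember" => isset($_POST['remember']) ? $_POST['remember'] : ''
	);

	// Escape for the SQL string context. The SHA-1 digest is hex-only and
	// needs no escaping; the username is attacker-controlled and does.
	$username_sql = mysql_real_escape_string($loginvar['username']);

	//check if database has entry + password
	$lsql = "SELECT * FROM users WHERE user_name='".$username_sql."' AND  password='".$loginvar['password']."'";
	$lres = mysql_query($lsql);
	if ($lres === false) {
		// Keep driver errors in the server log; they reveal schema details.
		error_log('login: user lookup failed: '.mysql_error());
		die('A database error occurred. Please try again later.');
	}
	$lnumcheck = mysql_num_rows($lres);
		if ($lnumcheck != 1) { //if no result was found...
			// The submitted username is echoed into an attribute value, so it
			// is HTML-encoded (quotes included) before being written out.
			$content = '<div id="login_error" class="warning">
				<h3>Login failed</h3>
				<p>We could not find a user entry with that username and password. If you have forgotten your password, use the recovery tool. Cookies must be enabled to login to the system!</p>
		</div>
		
				<div id="login">
			<form id="login_form" action="?do=p" method="post">
				<h2>User login</h2>
				<label for="username">Username</label> <input type="text" name="username" id="username" value="' . htmlspecialchars($loginvar['username'], ENT_QUOTES) . '" /><br />
				<label for="password">Password</label> <input type="password" name="password" id="password" class="outline" /><br />

				<label for="remember">Remember me</label> <input type="checkbox" name="remember" id="remember">
				<div id="login_submit">
					<input type="submit" id="submit" value="Login" />
				</div>
			</form>
			<script type="text/javascript"> 
				document.getElementById(\'password\').focus(); 
			</script> 
		</div>';
		} else {
			// Use the row that actually matched username AND password instead
			// of looking the user up a second time by username only.
			$fdata = mysql_fetch_array($lres);

			//insert login record.
			$loginvar['timestamp'] = time();
			// NOTE(review): $globalvars['ip'] is set outside this file; it is
			// escaped here because its origin cannot be verified from this page.
			$ip_sql = mysql_real_escape_string(isset($globalvars['ip']) ? (string) $globalvars['ip'] : '');
			$sql = "INSERT INTO userlogin (username,rank_id,timestamp,ip) VALUES ('".$username_sql."','1','".(int) $loginvar['timestamp']."','".$ip_sql."')";
			$res = mysql_query($sql);
			if ($res === false) {
				error_log('login: login record insert failed: '.mysql_error());
				die('A database error occurred. Please try again later.');
			}

			//get rank string (rank_id is forced to an integer before it reaches SQL)
			$rsql = 'SELECT * FROM ranks WHERE id='.(int) $fdata['rank_id'];
			$rres = mysql_query($rsql);
			$rdata = ($rres !== false) ? mysql_fetch_array($rres) : false;
			$permissions = ($rdata && isset($rdata['permissions'])) ? (string) $rdata['permissions'] : '';

			//quick permission check (redir to error)
			// Fails closed: a missing rank row or a permission string without
			// position 8 is treated as "login not allowed". The check runs
			// before any authenticated session state is written.
			if (!isset($permissions[8]) || $permissions[8] == 0) {
				session_destroy();
				header("Location: login.php?m=nologin");
				die();
			}

			// Issue a fresh session id at the privilege change so an id known
			// before authentication does not carry over into the logged-in session.
			if (session_id() !== '') {
				session_regenerate_id(true);
			}

			//define session variables, set cookies
			$_SESSION['username'] = $fdata['user_name'];
			$_SESSION['permissions'] = $permissions;
			$_SESSION['auth'] = "yes";

			header("Location: index.php"); //redirect to index
			die(); // stop here; nothing should render after the redirect
		}

} elseif ($do == "logout") { //if we're logging out...
	// NOTE(review): logout is triggered by a plain GET request with no token,
	// so any page can cause a logout; consider requiring POST plus a CSRF token.
	session_destroy();
	header("Location: login.php?m=out");
	die(); // stop here; nothing should render after the redirect
}
include("inc/themecontrol.php");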
?>
